API Authentication and Authorization

There are 4 tiers of authentication:

  1. No Authentication

  2. Basic Authentication

  3. API Key Authorization

  4. Token Based Authentication

No Authentication

An example of No Authentication is a "Public API" that requires no user verification or password protection. Access to the system, service or device is granted without any credentials. Wherever sensitive information is exposed, however, it is crucial to implement proper authentication.

Basic Authentication

Basic authentication is a simple and widely used method for securing API endpoints. The client sends a username and password as a base64-encoded string in the HTTP request header. It is not a secure option on its own, though: base64 is a reversible encoding, not encryption, so the credentials are effectively sent in plaintext.

base64-encoded string

The text typed at the keyboard is converted into bits, and those bits are encoded into another set of characters. The input is in the username:password format, and after encoding you get a single long encoded string. That string alone is what you pass when you make the request.

{
Authorization: Basic <encoded long string>
}

Note: Postman will automatically generate the encoded long string from the username:password pair.

Before going further, let's understand the difference between authentication and authorization.

Authorization vs Authentication

Authentication is how users identify themselves to the service, i.e. by logging in or registering. Authentication is what allows us to be identified as a user to the API provider.

Authorization is what allows us to use an API.

API Key Authorization

API Key Authorization simply means a client is allowed to use the service with an API key. The key might be associated with a user, in which case users authenticate themselves first and then receive an API key that authorizes them to use the API. But it could also be that no registration with the API provider is needed: you simply obtain an API key, and that key alone authorizes you with the API provider.

Token Based Authentication

Here the user logs in with their username and password and, once logged in, receives a token to be used with the API. The API no longer handles the username and password; the token is what is constantly used to interact with the API. An example of token-based authentication is OAuth.
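As an added example (not part of the original article), the Python below sketches a server-side check covering tiers 2 to 4: it builds and decodes the Basic header described earlier, which shows that the base64 step is trivially reversible, and then accepts API-key, Bearer-token or Basic requests against constructed sample stores. The X-API-Key header name, the store contents and the helper names are assumptions, not a real provider's API.

```python
import base64
import hmac
from typing import Dict, Optional, Tuple

# Constructed sample stores standing in for a user, API-key and token database
# (assumption: a real service stores password hashes, not plaintext passwords).
USERS = {"alice": "s3cret"}
API_KEYS = {"k-1234567890": "reporting-client"}
BEARER_TOKENS = {"tok-abcdef": "alice"}

def build_basic_header(username: str, password: str) -> str:
    """Build the Authorization header a client sends for HTTP Basic auth."""
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")

def decode_basic_header(value: str) -> Optional[Tuple[str, str]]:
    """Undo the base64 step: whoever captures the header recovers the password."""
    scheme, _, encoded = value.partition(" ")
    if scheme != "Basic" or not encoded:
        return None
    try:
        decoded = base64.b64decode(encoded, validate=True).decode("utf-8")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    username, sep, password = decoded.partition(":")
    return (username, password) if sep else None

def _lookup(store: Dict[str, str], presented: str) -> Optional[str]:
    # Constant-time comparison so a wrong key or token fails in uniform time.
    for known, principal in store.items():
        if hmac.compare_digest(known.encode(), presented.encode()):
            return principal
    return None

def authenticate(headers: Dict[str, str]) -> Optional[str]:
    """Return the authenticated principal for a request, or None if it fails."""
    if "X-API-Key" in headers:                      # tier 3: API key
        return _lookup(API_KEYS, headers["X-API-Key"])
    auth = headers.get("Authorization", "")
    if auth.startswith("Bearer "):                  # tier 4: token
        return _lookup(BEARER_TOKENS, auth[len("Bearer "):])
    creds = decode_basic_header(auth)               # tier 2: Basic
    if creds is None:
        return None
    username, password = creds
    expected = USERS.get(username, "")
    ok = hmac.compare_digest(expected.encode(), password.encode())
    return username if ok and expected else None
```

Decoding a captured Basic header gives the password back directly, which is why tier 2 is only acceptable over TLS and why the API-key and token tiers keep the password out of every request after login.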

Conclusion

In this article, you learned about the different types of authentication, how the security level increases as we move up the tiers, and how each process is carried out.